Researcher denied flight after tweet poking United security

airplane
Credit: Magnus Rosendahl, Public-domain-photos.com

United Airlines stopped a prominent security researcher from boarding a California-bound flight late Saturday, following a social media post by the researcher days earlier suggesting the airline's onboard systems could be hacked.

The researcher, Chris Roberts, attempted to board a United flight from Colorado to San Francisco to speak at a major security conference there this week, but was stopped by the airline's corporate security at the gate. Roberts founded One World Labs, which tries to discover security risks before they are exploited.

Roberts had been removed from a United flight on Wednesday by the FBI after landing in Syracuse, New York, and was questioned for four hours after jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized Roberts' laptop and other electronics, although his lawyer says he hasn't seen a search warrant.

A lawyer for Roberts said United gave him no detailed explanation Saturday why he wasn't allowed on the plane, saying instead the airline would be sending Roberts a letter within two weeks stating why they wouldn't let him fly on their aircraft.

"Given Mr. Roberts' claims regarding manipulating aircraft systems, we've decided it's in the best interest of our customers and crew members that he not be allowed to fly United," airline spokesman Rahsaan Johnson told The Associated Press. "However, we are confident our flight control systems could not be accessed through techniques he described."

When asked what threat Roberts posed if United's systems couldn't be compromised, Johnson said Sunday: "We made this decision because Mr. Roberts has made comments about having tampered with aircraft equipment, which is a violation of United policy and something customers and crews shouldn't have to deal with."

Johnson said the airline reached Roberts several hours before his flight to tell him he couldn't fly. But a lawyer for Roberts said Sunday that when his client received that call, the caller would only say he or she was from United, and wouldn't give Roberts a name or callback number. When Roberts then tried calling the number back from his phone's caller ID, it rang instead to a resort hotel, and Roberts assumed it was a prank call, Roberts' lawyer said.

In recent weeks, Roberts gave media interviews in which he discussed airline system vulnerabilities. "Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit," he told Fox News.

Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft's engines, fuel and flight-management systems.

"It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat," said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which represents Roberts.

Cardozo said Sunday he hasn't seen a copy of a search warrant that would have been used to seize Roberts' electronics, and that he's working to get the devices returned.

The FBI declined to comment on the matter Sunday.

The Government Accountability Office said last week that some commercial aircraft may be vulnerable to hacking over their onboard wireless networks. "Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," its report found.

Roberts took an alternate flight on Southwest Airlines and arrived in San Francisco Saturday evening. He speaks this week at the RSA Conference about computer security vulnerabilities.


Explore further

Chinese airline completes cooking oil fuel flight

© 2015 The Associated Press. All rights reserved.

Citation: Researcher denied flight after tweet poking United security (2015, April 19) retrieved 26 June 2019 from https://phys.org/news/2015-04-denied-flight-tweet.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
761 shares

Feedback to editors

User comments

Apr 19, 2015
Soooo...thir sending the message that if you actively try to test security in order to make peopßle aware of its flaws you should expect harassment and seizure of property?

Isn't that clever.

Now all the people who want to help in that regard have learned to keep their mouths shut. Bravo. So much for the 'land of the free'.

Apr 19, 2015
Some part of me tells me connecting every single thing to the internet is not so great an idea. Every bright and curious person will ponder schemes to exploit new technologies. Its only a matter of time before a serious breach is found and used by terrorists. Why don't we put some technologies on hold where hey aren't absolutely required? Is this the cost of progress?

Apr 19, 2015
Also, what is a security expert doing bragging on social media about exploiting civilian aircraft security systems? This is a very unprofessional behavior and completely unacceptable for someone in the field of security IMO

Apr 19, 2015
The whole point of working in security is to expose the flaws that need fixing. That's completely professional to say that they think something is vulnerable. The unprofessional thing to do, was for the airlines to blacklist him and refuse to comment, rather than fixing the problem.

Apr 19, 2015
They've been warning that the borders are too porous to "terrorists", but nothing has happened. They've claimed the ports are too porous, but nothing has happened. The Road Warrior section on USA Today informs you how to get a gun aboard a flight. And TSA agents are using their position for sexual thrills, not preventing "terrorism". Because they all know "terrorism" is a lie. Just so many fabricated incidents from the New World Order.
On the other hand, NBC News invokes the idea of remote controlling flights, using the Germanwings incident to "justify" it. In fact, the New Wold Order flew the jets on September 11 by remote control! It's basically just the technology used for drones. And, remember, two jets mentioned on September 11 were United!
United doesn't want people to know jets could be compromised electronically, the fact that they weren't proving "terrorism" is a lie, and that jets can be remote controlled now by the New World Order!

Apr 19, 2015
I don't think twitter can be considered a professional channel of communication on sensitive issues like this.

Apr 19, 2015
@antonima, Social media are not considered "unprofessional", its just a medium like any other any many corporations and CEOs use it. Professionals certainly can too.

What would be the point of avoiding Twitter anyway? Anything news worthy is instantly retweeted, but it is always better if news and views come directly from the source.

Apr 19, 2015
Honestly, if you're going to behave like a hacker, don't expect to be treated like a professional! Boasting about compromising the safety of an aircraft on Twitter is so beyond unprofessional it boggles the mind that this idiot thought he could get away with it! If he wanted to "Work With Them", there are channels to go through and safe ways to test his theories without being on a commercial flight risking lives to prove a point! He ought to be on every airline's no fly list til he grows the hell up!

Apr 19, 2015
It is interesting while he was considered by UNITED as severe threat to safety of the flight, he was allowed just few hours later to fly Southwest. It is not clearly about his threat to public safety, the only cover authorities have, real or perceived. It is all about harassment due to content of his speech, in violation of 1st amendment. He was treated as sort of whisleblower but not due to info he gained from government but knowledge he acquired himself. This is dangerous precedent . In other words we could be punish for what we know. The specific knowledge could be declared illegal in itself. It is beyond Orwell.

Apr 19, 2015
When boarding a ship or an aircraft, you are governed by Admiralty law. Any measures the captain or designated crew may take to maintain the safety of a voyage is perfectly within their authority. Argue about it when you leave the aircraft or vessel; however on board, and underway, the captain's orders are not to be trifled with. To disobey a direct order is effectively mutiny. Further, if the captain feels someone would be a risk to the safety of the voyage, they are completely within their rights to refuse passage.

That said, I agree that this security researcher's work was no threat. But let's argue the case on the ground, not in the air.

Apr 19, 2015
Had the researcher NOT publicly tweeted what he did, would United have taken any action to correct their mistakes? Or would they rather had kept the whole affair secret, or worse, Ignored the problems even existed in the hope the whole situation would be forgotten and 'go away'.

We have folks like those self styled Islamic State high grade zombies and goons who would seize on this in a heartbeat. They would not need this researcher to point out United's errors. They would find them and exploit them on their own. Would United have preferred that! Obcenely and outrageously enough, United's management would have preferred to learn this through the deaths maybe of hundreds of innocents. Then they would have sought the fig leaf of 'plausible deniability'. I personally would come back and haunt any corporate creep who would by his/her actions cause 'plausible deniability' (legal lie) to be on my tombstone!

Apr 19, 2015
Then they would have sought the fig leaf of 'plausible deniability'. I personally would come back and haunt any corporate creep who would by his/her actions cause 'plausible deniability' (legal lie) to be on my tombstone!

Agree. BP executives knew it was dangerous before rig explosion. Denied it. TEPCO executives knew about new tectonic fault near Fukushima. Denied it. TBTF Bank executives gambled on risky derivatives that blew up world financial system. They knew how it was going to end. Denied it. The US gave weapons to Osama Bin Laden and ISIS. They knew. Denied.
That's mode of operation of those in charge. Unlikely that they suddenly change and take responsibility.

Apr 19, 2015
When boarding a ship or an aircraft, you are governed by Admiralty law. Any measures the captain or designated crew may take to maintain the safety of a voyage is perfectly within their authority.


Agree. But Admiralty law does not override local law at the gate. The security is the only valid claim that pilot may make and no other claims in contrast to what can be asserted by Captain on high seas. Pilot cannot arrest anybody at the gate and cannot refuse services due to race or other arbitrary criterion if they are in conflict with local laws. Even in flight, pilot cannot do or allow anything that violates law of country he flies over, while Captain on high seas can, such as use of drugs, incarcerate or ever try anyone for theft or murder.

The issue here is that he was denied flight because what he said hours before on twitter and not because he represented any danger or any safety issue. And that's a problem.

Apr 19, 2015
@antonima, Social media are not considered "unprofessional", its just a medium like any other any many corporations and CEOs use it. Professionals certainly can too.


You missed my point. How is boasting about hacking an airplane any different from yelling 'BOMB' at an airport? This is a security expert we are talking about here.

Apr 19, 2015
This sort of nuts. 1. Why not a secure tunnel? 2. Why is it so easily accessible, maybe a padlock or ...? 3. Why kick him off the flight and confirm "my" fears? 4. There's more but I do not wish to lose my flight privileges. 5. Time for decent automated commuter rail!

So I guess airplanes are as secure as banks, but you need plenty of back-up money, how do you back-up lives?

Apr 20, 2015
To each and everyone of you defending his freedom of speech, I only have three words! Learn to Read! "Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft's engines, fuel and flight-management systems." he illegally accessed sensitive workings of an aircraft in flight! I'm surprised this man hasn't been arrested! You can clamor on all you want about 1st amendment rights, but this person didn't obey the laws while obtaining his information. If he wanted to let United know about their security issues, Twitter was not the route with which to do so! He could have contacted the airlines about how easily he accessed their computers via the proper channels as well and maybe wouldn't have been perceived as a threat to their passengers.

Apr 20, 2015
Right on, LostinSpaceman. This clown admitted that he was viewing the data from the aircraft's engine control systems through a box under his seat. I would not knowingly be a passenger on a flight where some hacker is playing around with the plane's electronics.

Apr 20, 2015
He's not a "security professor" he's a grifter.

Apr 20, 2015
Right on, LostinSpaceman. This clown admitted that he was viewing the data from the aircraft's engine control systems through a box under his seat. I would not knowingly be a passenger on a flight where some hacker is playing around with the plane's electronics.

I completely agree. If messing with a smoke detector is a felony, why wouldn't the guy be in trouble for admitting to accessing the airplane's engine information.

Apr 23, 2015
if you actively try to test security in order to make peopßle aware of its flaws you should expect harassment and seizure of property?


It may not be the world's best idea to try mess with an airplane's computer systems with other passengers on-board.

You wouldn't like it either if the passengers in your car were tearing up the upholstery to see if they can find the CAN bus, and trying to see if they can fiddle with the throttle while you're not looking. What if they actually succeed? What if they don't? What if they just manage to crash the computer and send you to the ditch unintentionally?


Apr 23, 2015
Social media are not considered "unprofessional", its just a medium like any other any many corporations and CEOs use it. Professionals certainly can too.


Social media is not the place to publicize sensitive information, like the fact that there are unsecured computer access terminals under some seats of an airplane.

It's a dick move, because it gives the information to anyone who would wish to exploit it. As soon as he said it, every tom, dick and harry went looking for the "box" under their seat.

Apr 24, 2015
The issue here is that he was denied flight because what he said hours before on twitter and not because he represented any danger or any safety issue. And that's a problem.


You call it a problem, but it is really a judgment call. There is no right to set foot on-board a vessel. None. You have no right to that voyage. If the Captain thinks you're more trouble than you're worth, then they are completely within their rights to refuse you. You are of course completely within your rights to take your business elsewhere.

The Pilot has a lot of explaining to do, but the right of refusal is completely legal.

Apr 24, 2015
One commenter went on about 'right of refusal'. Suppose 'Roberts' had said nothing! He was neither expecting pay nor respect for his ideas or work, so why scatter pearls before swine? Then all would be right with the world according to United and the TSA.

That does not mean that no one in the world would be interested in Robert's ideas! Think of the forces in the world that would wish ill of us, our airlines, and our free government. They may be only too happy to pay the man.
Historical precedent exists. At the start of the American Great Rebellion know as our Civil War, a certain Richard Gatling invented the first real machine gun. He was a Tennessee southerner and tried to sell his invention to the Confederacy and was met with no interest when southern generals turned it down out of sheer ignorance. He then tried the same with the Union government. No dice here either. SOME Union officers bought a dozen of his machineguns and defeated the Confederacy at Petersburg.

Apr 25, 2015
@Osiris1 - interesting comment. I now know more about Gatling and his gun design than I ever thought I might want to know! Thanks. As for those forces that might be 'only too happy to pay the man' - the Russians seem to have acquired the largest arsenal (at the time). The development, his background, the civil war use - fascinating. Great supporting example for your view about 'right of refusal'.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more